Scottish Qualifications Authority Assessment Report · Scottish Qualifications Authority Assessment Report ... the public as part of the Data ... The Keeper agrees this element of

Public Records (Scotland) Act 2011

Scottish Qualifications Authority Assessment Report

The Keeper of the Records of Scotland

13th August 2015

Assessment Report

National Records of Scotland 2

Contents 1. Public Records (Scotland) Act 2011 ............................................................ 3 2. Executive Summary .................................................................................... 4 3. Authority Background .................................................................................. 5 4. Assessment Process ................................................................................... 6 5. Model Plan Elements: Checklist .................................................................. 7 6. Keeper’s Summary .................................................................................... 25 7. Keeper’s Determination ............................................................................. 26 8. Keeper's Endorsement………………………………………………………….27

Assessment Report


1. Public Records (Scotland) Act 2011

The Public Records (Scotland) Act 2011 (the Act) received Royal assent on 20 April 2011. It is the first new public records legislation in Scotland since 1937 and came fully into force on 1 January 2013. Its primary aim is to promote efficient and accountable record keeping by named Scottish public authorities. The Act has its origins in The Historical Abuse Systemic Review: Residential Schools and Children’s Homes in Scotland 1950-1995 (The Shaw Report) published in 2007. The Shaw Report recorded how its investigations were hampered by poor record keeping and found that thousands of records had been created, but were then lost due to an inadequate legislative framework and poor records management. Crucially, it demonstrated how former residents of children’s homes were denied access to information about their formative years. The Shaw Report demonstrated that management of records in all formats (paper and electronic) is not just a bureaucratic process, but central to good governance and should not be ignored. A follow-up review of public records legislation by the Keeper of the Records of Scotland (the Keeper) found further evidence of poor records management across the public sector. This resulted in the passage of the Act by the Scottish Parliament in March 2011. The Act requires a named authority to prepare and implement a records management plan (RMP) which must set out proper arrangements for the management of its records. A plan must clearly describe the way the authority cares for the records that it creates, in any format, whilst carrying out its business activities. The RMP must be agreed with the Keeper and regularly reviewed.

Assessment Report


2. Executive Summary This report sets out the findings of the Keeper’s assessment of the RMP of Scottish Qualifications Authority by the Public Records (Scotland) Act 2011 Assessment Team following its submission to the Keeper on [date]. The assessment considered whether the RMP of Scottish Qualifications Authority was developed with proper regard to the 14 elements of the Keeper’s statutory Model Records Management Plan (the Model Plan) under section 8(3) of the Act, and whether in this respect it complies with it and the specific requirements of the Act. The outcome of the assessment and the Keeper’s decision on whether the RMP of Scottish Qualifications Authority complies with the Act can be found under section 7 of this report with relevant recommendations.

Assessment Report


3. Authority Background

Scottish Qualifications Authority (SQA) develops, assesses and awards qualifications taken in workplaces, colleges and schools. They provide qualifications across Scotland, the UK and internationally. Separately, as SQA Accreditation, they authorise all vocational qualifications (other than degrees) delivered in Scotland. A Chair and Board are appointed by the Scottish Government to oversee and direct SQA. There is also an Advisory Council appointed by the Scottish Government to provide independent advice to Ministers and SQA. A permanent staff, headed by the Chief Executive, manages and carries out the development and delivery of new and existing qualifications. Additional members of staff are appointed as required on a short-term contract or secondment basis to undertake duties relating to particular projects. The Management Team is responsible to the Chair and the Board for day-to-day operations. SQA’s Management Statement and Financial Memorandum, drawn up in consultation with the Scottish Government Education Department, sets out the broad framework within which they operate. This includes: ■ the rules and guidelines relevant to the exercise of SQA functions, duties and powers. ■ the conditions under which any public funds are paid to SQA. ■ how SQA are to be held to account for their performance. http://www.sqa.org.uk/sqa/70972.html

Assessment Report


4. Keeper’s Assessment Process The RMP was assessed by the Public Records (Scotland) Act Assessment Team on behalf of the Keeper. Assessors used the checklist elements listed in section 5, to establish whether the Scottish Qualifications Authority ‘s RMP was developed with proper regard to the elements of the Model Plan and is compliant with the Act. The assessment also considered whether there was sufficient supporting evidence of such compliance. Key:

G

The Keeper agrees this element of an authority’s plan.

A

The Keeper agrees this element of an authority’s plan as an ‘improvement model’. This means that he is convinced of the authority’s commitment to closing a gap in provision. He will request that he is updated as work on this element progresses.

R

There is a serious gap in provision for this element with no clear explanation of how this will be addressed. The Keeper may choose to return the RMP on this basis.

Assessment Report


Scottish Qualifications Authority Referred to as SQA in the assessment below

5. Model Plan Elements: Checklist Element Present Evidence Notes

1. Senior Officer Compulsory element

G G SQA have identified Maidie Cahill, Director of Corporate Services and SIRO, as the individual with overall responsibility for records management in the authority. This appointment is confirmed by a letter to the Keeper from Dr Janet Brown, Chief Executive, dated 5th August 2015. This is also confirmed by a Records Management Statement of Responsibility signed by the Director of Corporate Services (evidence 1). Her responsibility for “leading a culture of good information management” in the authority is published to the public as part of the Data Protection Policy (section 6.4) (see element 9) and internally as part of the Records Management Policy (section 7) (see element 3). As Director of Corporate Services Ms Cahill sits on the Executive Management

Assessment Report


Team who approved the Records Management Plan and corresponding Improvement Plan on 2nd June 2015. Ms Cahill is the ‘owner’ of the Records Management Policy (see element 3), the Retention and Disposal Policy (see element 5), the Information Security Policy (see element 8), and the Business Continuity Policy (see element 10). Ms Cahill chairs the RMP Delivery and Information Governance Steering Group (see under General Comments at end), the Information Security Steering Group (see element 8) and the Business Continuity Steering group (see element 10). The Keeper agrees that SQA have identified an appropriate individual to this role as required by the Act.

2. Records Manager Compulsory element

G G SQA have identified Kirsty Hurt, Records Manager, as the individual with day-to-day responsibility for implementing the Records Management Plan. This is confirmed by a Records Management Statement of Responsibility signed by the Director of Corporate Services (evidence 1) (see element 1). The identification is supported by the Records Manager Job Profile (evidence 3). Which has as an objective: “Develop and maintain a Records Management Plan which is compliant with the Public Records (Scotland) Act 2011.” Ms. Hurt holds an MSc in Information Management and Preservation. She has a Data Protection Practitioner Qualification. Creation and delivery of records management training is a responsibility of the records manager (see element 12).

Assessment Report


Ms. Hurt is the author of the Records Management Plan and accompanying Improvement Plan, the Records Management Policy (see element 3), the Retention and Disposal Policy (see element 5), the Disposal Procedures (see element 6), the Archival Transfer Process guidance document (see element 7) and the Self-Assessment and Review Process (see element 13). This shows that Ms. Hurt has a detailed knowledge of records management provision in the authority. Ms. Hurt sits on the RMP Delivery and Information Governance Steering Group (see under General Comments at end) and more generally the Information Governance Team. The Records Manager is responsible for initiating the review of the Plan (see element 13). The Keeper agrees that SQA have identified an appropriate individual to this role as required by the Act.

3. Policy Compulsory element

G G SQA has a Records Management Policy which has been provided to the Keeper (evidence 2). This is version 1.0 created by Kirsty Hurt (see element 2) and ‘owned’ by Maidie Cahill (see element 1) who approved it on 23rd January 2015 and endorses it in a covering letter (evidence 1). The Records Management Policy is made available to staff through the intranet (Lotus Notes). The Keeper’s Assessment Team were allowed temporary access to this system and can confirm that the Policy is available. The Keeper thanks SQA for this consideration. The Policy was also introduced to staff in the corporate newsletter (copy provided as evidence 58).

Assessment Report


The commitments in the Policy support the objectives of the Plan. The Policy identifies records as a business asset (page 3) and mentions the Public Records Scotland Act 2011. The Policy is due for review in February 2016. SQA have committed to providing the Keeper with the revised version when appropriate. The Keeper agrees that SQA has an approved and operational records management policy statement, available to appropriate staff, a required by the Act.

4. Business Classification

A G SQA’s Records Management Policy (see element 3) commits the organisation to produce a “corporate classification scheme and file plan guidance which details the functions, activities and transactions of SQA and should be used when creating a folder structure/file plan for storing and managing records” (Policy section 5). The Keeper has been provided with the Business Classification Scheme v1.0 (evidence 4). This was created, and then reviewed, with assistance from representatives from each business area. The Keeper has been provided with staff guidance on how to develop and populate the folder structure (evidence 5) using Human Resources as an example. The Keeper commends the use of local support in the development of the records management system (see Local Champions under General Comments at end). However, this scheme is not yet fully rolled out in the organisation and the Classification Scheme has yet to be fully mapped against existing folder structures. A pilot will begin shortly. The Improvement Plan (approved by the Executive Management Team in June 2015) targets the pilot for the end of 2015, with full roll-out completed by 2018. Staff training in the use of the new structure will accompany the roll-out (Improvement Plan page 5). The Keeper agrees this is a reasonable

Assessment Report


timescale and agrees that there is evidence of commitment to proceed. He will request updates periodically (perhaps annually) as this important work progresses. (See Improvement Plan under General Comments at end). Guidance to the Business Classification Scheme will be provided to staff through their intranet (Lotus Notes) and has been provided to the Keeper. The Keeper has seen Folder Structure Guidance version 3.0 (evidence 5). SQA operates a hybrid records system with electronic records held on structured drives and on “specialist content systems” with hard-copy records principally held in an out-store at Newtongrange. The Keeper agrees this element of the SQA’s Records Management Plan on ‘Improvement Model’ terms. This means that he acknowledges that the Authority has recognised a gap in records management provision (the business classification scheme is not fully operational) and has put process in place to close that gap. He agrees this element on the understanding that he will be provided with updates as the project advances.

5. Retention schedule

G G SQA’s Records Management Policy (see element 3) commits the organisation to produce “records retention schedules and procedures which provide clear guidance regarding the periods of time that SQA records should be retained” (Policy section 5). SQA has a Retention Schedule (version 1.0) covering all the activities shown in the Business Classification Scheme (see element 4). This has been provided to the Keeper as evidence 6. The Retention Schedule (and the Business Classification Scheme at element 4) was

Assessment Report


created with the assistance of representatives from each business area. The Keeper commends the use of local support in the formulation of retention decisions as likely to create a more useful business tool. There is a commitment in the Records Management Plan to align the corporate folder structures against the Retention Schedule. This is agreed as part of the element 4 improvement plan. SQA have provided their Retention and Disposal Policy as evidence 7 and their Retention Schedule User Guidance as evidence 8. “All changes to SQA’s Retention schedule are managed and reviewed by the Records Manager in consultation with the Info Reps from each business area” (Records Management Plan page 10). The Keeper agrees that SQA has a retention schedule that allocates retention decisions to the record types identified in the business classification scheme.

6. Destruction ArrangementsCompulsory element

G G SQA’s Records Management Policy (see element 3) commits the organisation to produce “guidance and procedures which detail the correct procedures to follow when disposing of records and information.” (Policy section 5) SQA have provided their Disposal Procedures as evidence 9. This is accompanied by those for the hard-copy records out-store at Newtongrange (evidence 12). Paper: Instructions for the irretrievable destruction of paper records held locally and in the Newtongrange out-store have been provided to the Keeper (evidence 9 – 13). The Guidance explains the use of in-house shredders and the procedures for utilising the services of a commercial shredding contractor. A destruction certificate from the external shredding company has been provided as evidence that the

Assessment Report


external arrangements are operational (evidence 14). Electronic: Staff guidance on the irretrievable destruction of electronic records, including deleting copies and emptying the ‘recycle bin’, has been provided to the Keeper (evidence 9) Hardware: Records held on drives, mobile devices etc. are destroyed by an external organisation and a redacted contract has been provided as evidence that these arrangements are in place. Back-Ups: SQA have provided a statement and table clearly showing the deletion of continuity backups as part of the Records Management Plan (page 12) All disposals of records must be authorised by a Head of Service or senior manager with overall responsibility for them. A record of disposal is retained (Retention and Disposal Policy section 5). The Keeper agrees that SQA have arrangements in place to ensure the irretrievable destruction of records when appropriate as required by the Act.

7. Archiving and Transfer Compulsory element

G G SQA has identified the National Records of Scotland as the repository to which they will transfer records selected for permanent preservation. The authority has a Memorandum of Understanding with the Keeper to support the transfer arrangements. This has been provided as evidence 17. They have also provided their Archival Transfer Process guidance document created by the Records Manager (see element 2) and a sample transfer form (evidence 18 and 19). Please note that, during any review of the archiving procedures in the

Assessment Report


Authority, consideration should be given to the necessity of involving the Keeper’s Client Managers. The Keeper agrees that the SQA has appropriate archiving arrangements in place and that are with a suitable repository.

8. Information Security Compulsory element

G G SQA’s Records Management Policy (see element 3) commits the organisation to produce “procedures that must be followed in order to protect SQA’s information and systems” (Policy section 5). SQA has an Information Security Policy which has been provided to the Keeper (evidence 20). This Policy is dated 1st March 2015 and is ‘owned’ by the SIRO (see element 1). The Information Security Policy is supported by a suite of policies and guidance, such as Security Incident Reporting Form (evidence 21), Social Media Guidelines (evidence 25) and an Access Control Policy (evidence 23). These have been provided to the Keeper (evidence 21 – 25). Maidie Cahill, Director of Corporate Services (see element 1) is chair of the Information Security Steering Group whose remit has been provided (evidence 57). A major training and awareness campaign regarding information security is active in SQA (see element 12). The text for element 8 (Records Management Plan page 17) indicates that the Authority’s Computer and Communications Acceptable Use Policy is currently under review. SQA have committed to submitting all revised documents to the Keeper.

Assessment Report


The Keeper agrees that SQA has an approved and operational information security policy, made available to appropriate staff, as required by the Act.

9. Data Protection

G G SQA’s Records Management Policy (see element 3) commits the organisation to produce a policy which “details SQA’s adherence to the Data Protection Act 1998” (Policy section 5). SQA has a Data Protection Policy published on their website: http://www.sqa.org.uk/files_ccc/SQA_Data_Protection_Policy.pdf The Policy explains the 8 principles of the Data Protection Act. The Authority is registered with the Information Commissioner as Z5781759 (due for renewal in 2015). Subject access information is published at http://www.sqa.org.uk/sqa/57680.html The text of the Records Management Plan (page 21) suggests that the Privacy Statement is currently under review. SQA have committed to submitting all revised documents to the Keeper. All staff are required to complete a Protecting Information course. A certificate has been provided as evidence that this is in operation (evidence 26). A new Privacy Impact Assessment template and guidance document has been provided to the Keeper (evidence 34 and 35). For data sharing see element 14. The Keeper agrees that SQA has properly considered their responsibilities under

Assessment Report


the Data protection Act 1998.

10. Business Continuity and Vital Records

G G The Records Management Plan (page 22) states: “SQA’s approach to business continuity management is based on the ISO 22301:2012 and ISO 22313:2012 standards”. A commitment to work towards these standards features in the Improvement Plan (page 8) (see under General Comments at end). SQA has a Business Continuity Policy which has been provided to the Keeper (evidence 38). This is version 1.0. The Policy is supported by an annual Business Impact Analysis update (template provided as evidence 42). Each service area has a local arrangement and sample showing how one of these Business Recovery Plans looks has been provided (evidence 39) The Policy is dated 1st December 2014 and is ‘owned’ by the SIRO (see element 1). She also sits on the Business Continuity Steering group. There is a full statement explaining how the Business Continuity Policy fits in to the business of SQA in the text of the Records Management Plan (page 22). SQA’s Records Management Policy (see element 3) commits the organisation to produce a plan “to ensure the protection of vital records throughout their lifecycle” (Policy section 5). Vital records are identified in the local area Business Recovery Plan (section3). This identification is supported by a commitment in the Retention and Disposal Policy (evidence 7, section 3.4).

Assessment Report


For electronic records back-up see element 6. SQA has a unique arrangement with the Scottish Government to protect the Qualifications System in Scotland. This is explained in the Plan (page 23). The Improvement Plan page 9 (see under General Comments at end) commits SQA to appoint and train business continuity co-ordinators in each local area. If this will have an effect on record recovery procedures, the Keeper would like to be informed when these individuals are in place. SQA have supplied the Keeper with their Audit Committee’s Business Continuity

System Management Review 2013-14. The Keeper thanks the authority for this inclusion. The Keeper agrees that SQA has an approved and operational business continuity policy, which is made available to appropriate staff. The recovery plan includes records identified as ‘vital’.

11. Audit trail

G G SQA’s Records Management Policy (see element 3) commits the organisation to produce “ corporate naming and version control guidelines which detail the corporate format for file naming and version control numbering” (Policy section 5). Electronic records on shared drives can be tracked by the imposition of version control and naming convention instructions. The Keeper has been provided with these instructions (evidence 45 and 46). Electronic records held on “specialist content systems” are tracked using the

Assessment Report


capabilities built into the software running those systems. Hard Copy records are transferred from the store using forms and logs. Samples of this procedures have been provided to the Keeper (evidence 12 and 47 - 49). Audit trail operations are reviewed quarterly (Plan page 25). Hard-copy withdrawals are reviewed monthly by the team responsible for day-to-day operations. The Keeper agrees that SQA have procedures in place to ensure that the correct version of a record can be located.

12. Competency Framework for records management staff

G G SQA have provided the Records Manager Job Description. This demonstrates that the individual identified at element 2 has the proper skills and has been given the appropriate authority to implement the Records Management Plan. There is a commitment from SQA to provide the Records Manager with CPD resources (Plan page 27/28). Appropriate training, including destruction, for local information reps has been guaranteed by the Plan and a sample of their training has been provided as evidence 59 (see Local Champions under General Comments at end). The Information Security Policy (see element 8) is supplied to staff using a system that ensures staff have acknowledged it. This is monitored by the Information Governance Team. A major training and awareness campaign regarding information security is active in SQA. The Information Governance Training Plan and a sample of the information security campaign have been provided as evidence 61 and 58 respectively. IT security guidance forms part of the staff induction. All staff are required to complete a mandatory “Protecting Information” course. A

Assessment Report


certificate has been provided as evidence that this is in operation (evidence 26). This course will be repeated at regular intervals. The Plan commits SQA under the following terms: “Where instances of poor information management are evident these will be monitored to identify specific training needs which will then be undertaken.” (Plan page 31). The Keeper commends this statement. Staff are alerted to records management topics by various means including the staff newsletter Inform. A sample of Inform has been sent as evidence 58. This issue features an article on the work of the Information Governance Team. The Keeper agrees that the Records Manager has the proper resources to carry out the role explained in element 2 and that SQA have considered appropriate information governance training for their staff.

13. Assessment and Review

G G The Public Records Act 2011 requires scheduled public authorities to “keep its records management plan under review” (part 1 5.1 (a)). The control sheet of SQA’s Records Management Plan indicates a review date of 2016. The review of the Plan will be carried out by the Records Manager (see element 2) with assistance from ‘Information Reps.’ in service areas (see Local Champions under General Comments at end). The Keeper commends the principle of ensuring local input to review decisions particularly in the early stages of implementation. The review will be carried out using a self-assessment system. The process has been explained in a document provided to the Keeper (evidence 52). SQA have also

Assessment Report


provided a sample questionnaire that will facilitate the review (evidence 51). The Plan suggests that the Records Manager (see element 2) will carry out spot-checks in service areas to ensure that the questionnaire responses match the operational reality (Plan page 30). The Keeper commends this idea. The results of the review will be reported to the RMP Delivery and Information Governance Steering Group (see under General Comments at end). The review process itself has a review date of 2016. The Improvement Plan (see under General Comments at end) suggest that the Records Management Plan may fall under the authority’s Internal Audit programme in the future (Improvement Plan page 10). The Keeper commends this idea and wishes to be kept informed. The Records Management Policy (see element 3) is due for review February 2016. The Business Classification Scheme (see element 4) and Retention Schedule (see element 5) will be reviewed annually by the Records Manager (see element 2). Disposal procedures are reviewed annually using a self-assessment test. There is a specific review of the procedures at the Newtongrange out-store (see element 6). The Newtongrange Records Store Procedures are reviewed annually “to make sure they are being adhered to and remain fit for purpose”. The review of destruction procedures is done in conjunction with the local Info. Reps. The Information Security Policy (see element 8) is due for review February 2016. The Data Protection Policy (see element 9) is reviewed annually by the Data

Assessment Report


Protection Team. The Business Continuity Policy is due for review December 2015. The Data Sharing Agreement and Template (see element 14) are reviewed annually. The Improvement Plan (see under General Comments at end) is due for review in 2016. The archiving arrangements (see element 7) “will be audited and reviewed on an annual basis”. Please note that, during any review of the archiving procedures in the Authority, consideration should be given to the necessity of involving the Keeper’s Client Managers. With all of the above, SQA have committed to providing the Keeper with relevant updates. Audit trail operations at Newtongrange are reviewed quarterly (Plan page 25). Hard-copy withdrawals are reviewed monthly. Local Business Recovery Plans (see element 10) are reviewed biannually. The Keeper agrees that SQA has installed a formal review procedure as part of their records management plan as required by the Act, and that clear review dates have been allocated to each of the supplied policy documents.

Assessment Report


14. Shared Information

G G SQA shares information using a template (provided as evidence 37) and Data Sharing Register (sample provided as evidence 53). The template clearly installs records governance at the outset of data sharing projects. The Keeper has also been provided with staff guidance on the benefits and risks of data sharing (evidence 36). The Keeper agrees that the SQA properly consider information governance when embarking on a data sharing exercise.

Assessment Report


Scottish Qualifications Authority Referred to as SQA in the assessment below

Version This assessment is on the Records Management Plan of SQA version 1.1. This version is an amendment of the version approved by the Executive Management Team on 2nd June 2015. The Records Manager (see element 2) is the author of the Plan. The Plan has a review date of 2016. The Plan is accompanied by an Improvement Plan showing information governance actions going forward (see below). The RMP is based on the Keeper’s, 14 element Model Plan http://www.nrscotland.gov.uk/record-keeping/public-records-scotland-act-2011/resources/model-records-management-plan. Third Parties The Records Management Policy (page 1) refers to “third parties and partners in the course of carrying out functions on behalf of the organisation”. There is a similar mention in the Retention and Disposal Policy (page 2). The Act requires public authorities to ensure that records management provision in third parties, who are carrying out functions of those authorities, is robust enough to match that explained in the authority’s Records Management Plan. SQA have confirmed that no function is contracted out to a third party.

RMP Delivery and Information Governance Steering Group SQA has created a RMP Delivery and Information Governance Steering Group whose remit has been provided (evidence 56). The Group “is to track and monitor development of SQA’s Records Management Plan (RMP) and manage implementation of SQA

Assessment Report


Information Governance policy and practice, and implementation of improvements and changes to practice as appropriate.” The Group will therefore be involved in progressing the Improvement Plan submitted with the Records Management Plan (see below) The RMP Delivery and Information Governance Steering Group is chaired by Maidie Cahill (see element 1) and includes Kirsty Hurt (see element 2). The Keeper views the establishment of this group to be evidence of senior management commitment to develop records management provision in the authority. Local Champions SQA have identified local ‘Info. Reps.’ in their separate business areas who have helped populate the records management systems, particularly the Business Classification Scheme and Retention Schedule. The Info Reps Summary of Role & Responsibilities has been provided as evidence 50. Appropriate training for these individuals has been guaranteed by the Plan (page 28) and a sample of their training has been provided as evidence 59. The Info. Reps. Monitor the retention schedule during the year to alert the Records Manager in any changes to their local business needs. “All changes to SQA’s Retention schedule are managed and reviewed by the Records Manager in consultation with the Info Reps from each business area” (Records Management Plan page 10). Info Reps assist in the annual review of destruction procedures. Info Reps have had a specific training module on the correct destruction procedures that should be followed in the authority. The Improvement Plan page 9 (see below) commits SQA to appoint and train business continuity co-ordinators in each local area. The Keeper strongly commends the inclusion of local area records management ‘champions’ in any system. This is likely to help create a strong business tool for the organisation. Improvement Plan SQA have submitted an Records Management Improvement Plan showing the actions they will take to develop their records management provision going forward. It matches the ‘”Planned Developments” section of each Records Management Plan element. The Improvement Plan was authorised by the Executive Management Team on 2nd June 2015. The Keeper acknowledges and welcomes this commitment. It was created by the Records Manager (see element 2). The Improvement Plan includes a timetable which will be a useful tool for the authority and to help plan any review of the Plan by the Keeper.

Assessment Report


The Improvement Plan is due for review in 2016. SQA have committed to submitting all revised documents to the Keeper.

6. Keeper’s Summary Elements 1 – 14 that the Keeper considers should be in a public authority records management plan have been properly considered by Scottish Qualifications Authority. Policies and governance structures are in place to implement the actions required by the plan.

Assessment Report


7. Keeper’s Determination Based on the assessment process detailed above, the Keeper agrees the RMP of Scottish Qualifications Authority.

The Keeper recommends that Scottish Qualifications Authority should publish its agreed RMP as an example of good practice within the authority and the sector.

This report follows the Keeper’s assessment carried out by,

…………………………………… ………………………………… Pete Wadley Robert Fotheringham Public Records Officer Public Records Officer

Assessment Report


8. Endorsement of Report by the Keeper of the Records of Scotland The report has been examined and is endorsed under the signature of the Keeper of the Records of Scotland as proof of compliance under section 1 of the Public Records (Scotland) Act 2011, and confirms formal agreement by the Keeper of the RMP as submitted by Scottish Qualifications Authority. In agreeing this RMP, the Keeper expects Scottish Qualifications Authority to fully implement the agreed RMP and meet its obligations under the Act.

…………………………………………… Tim Ellis Keeper of the Records of Scotland

Scottish Qualifications Authority Assessment Report · Scottish Qualifications Authority Assessment Report ... the public as part of the Data ... The Keeper agrees this element of

Documents